> In addition to Gokhan's questions I would be interested to see a
> log (or wireshark trace) of what kmail sent to the server.

Sorry to pick up an old ish thread from last summer but over the weekend I
have added support of DIGEST-MD5 via SSPI. I have noticed some differences
with the content that SSPI can potentially send and as such was wondering:

* Can someone test the SSPI build against telia.com?
* SSPI adds the realm as realm="" (empty) rather than using the realm from
the challenge
* SSPI also adds the qop=auth to the response - to match what was sent in
the challenge - I am currently working on a change to do this in the native
code as well as verifying the auth sent from the server is supported by us
* SSPI uses a 32 hex digit cnonce rather than an 8 digit cnonce. Daniel and
I were having a discussion on here about using longer strings and whether to
use base-64 or hex. We might want to consider changing to a longer 32 digit
cnonce and use a similar calculation to what we do in out HTTP digest code